CERT-In Vulnerability Note
Multiple Vulnerabilities in IBM WebSphere Portal
Original Issue Date: December 23, 2015
Severity Rating: MEDIUM
- IBM WebSphere Portal 6.1, 7.0, 8.0, 8.5
Multiple vulnerabilities have been reported in IBM WebSphere Portal which could be exploited by a remote attacker to conduct cross-site scripting attacks and cause denial of service.
1. IBM WebSphere Portal cross-site scripting (XSS) vulnerability
Multiple vulnerabilities exist in IBM WebSphere Portal due to improper validation of user-supplied input. A remote attacker can create a specially crafted URL which, once clicked by a target user, causes arbitrary script code to be executed by the target user's browser within the security context of the web site. Successful exploitation of the vulnerability allows the remote attacker to access the target user's cookies (including authentication cookies).
2. Denial of service vulnerability
This vulnerability exists in IBM WebSphere Portal due to insufficient input validation. A remote attacker could exploit this vulnerability by uploading a specially crafted document that consumes all memory resources on the affected system, causing it to crash and resulting in a denial of service (DoS) condition.
Apply appropriate patches as mentioned in the IBM Security Bulletin.
The information provided herein is on an "as is" basis, without warranty of any kind.
Email: firstname.lastname@example.org Phone: +91-11-24368572
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
6, CGO Complex, Lodhi Road,
New Delhi - 110 003